2012-06-18 04:44:51 -04:00
require 'fog/core/json'
module Fog
module AWS
module CredentialFetcher
2012-06-22 11:19:52 -04:00
INSTANCE_METADATA_HOST = " http://169.254.169.254 "
INSTANCE_METADATA_PATH = " /latest/meta-data/iam/security-credentials/ "
2012-06-18 04:44:51 -04:00
module ServiceMethods
def fetch_credentials ( options )
if options [ :use_iam_profile ]
begin
2012-06-22 11:19:52 -04:00
connection = options [ :connection ] || Excon . new ( INSTANCE_METADATA_HOST )
role_name = connection . get ( :path = > INSTANCE_METADATA_PATH , :expects = > 200 ) . body
role_data = connection . get ( :path = > INSTANCE_METADATA_PATH + role_name , :expects = > 200 ) . body
2012-06-18 04:44:51 -04:00
2012-06-22 11:19:52 -04:00
session = Fog :: JSON . decode ( role_data )
2012-06-18 04:44:51 -04:00
credentials = { }
credentials [ :aws_access_key_id ] = session [ 'AccessKeyId' ]
credentials [ :aws_secret_access_key ] = session [ 'SecretAccessKey' ]
credentials [ :aws_session_token ] = session [ 'Token' ]
credentials [ :aws_credentials_expire_at ] = Time . xmlschema session [ 'Expiration' ]
#these indicate the metadata service is unavailable or has no profile setup
credentials
2012-06-22 11:19:52 -04:00
rescue Excon :: Errors :: Error = > e
2013-01-21 12:34:33 -05:00
Fog :: Logger . warning ( " Unable to fetch credentials: #{ e . message } " )
2012-06-18 04:44:51 -04:00
super
end
else
super
end
end
end
module ConnectionMethods
def refresh_credentials_if_expired
refresh_credentials if credentials_expired?
end
private
def credentials_expired?
@use_iam_profile &&
( ! @aws_credentials_expire_at ||
( @aws_credentials_expire_at && Fog :: Time . now > @aws_credentials_expire_at - 15 ) ) #new credentials become available from around 5 minutes before expiration time
end
def refresh_credentials
if @use_iam_profile
new_credentials = service . fetch_credentials :use_iam_profile = > @use_iam_profile
if new_credentials . any?
setup_credentials new_credentials
return true
else
false
end
else
false
end
end
end
end
end
end
